Message-ID: <CANWtx03NccQrbZ8ZB7TcOWKtHNjvTWyZLP=7rvJd9hJCbpGRXg@mail.gmail.com>
Date: Thu, 25 Apr 2013 21:37:55 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Charset filters and options

On Thu, Dec 20, 2012 at 1:43 PM, Stephen John Smoogen <smooge@...il.com> wrote:

> On 20 December 2012 09:03, Rich Rumble <richrumble@...il.com> wrote:
> > I've searched all over, but can't exactly find the answer. If I want
> > to make rockyou.txt into my own chr file (I'm increasing from 8 to 12
> > length), and I use
> > --external=filter_alnum, it yields the following:
> >
> > Successfully written charset file: alnum_12.chr (36 characters)
> >
> > Should I modify the external filter to also include Uppercase letters?
> > It seems on the surface that only lower will be tried since it's a-z
> > 0-9 (36).
> > I've made this modification but so far I can't tell (1hour) if it's
> > had an effect...
> > if ((c < 'a' || c > 'z') && (c < '0' || c > '9') && (c < 'A' || c > 'Z')) {
> > Naturally I've increased the CharCount to 62 after creating the chr file.
> > I assume incremental mode takes CASE into account, all.chr seems to
> > use uppercase characters, but the modified (the line above) doesn't
> > seem to even though the charcount went from 36 to 62 after recreating.
>
> It will only affect things to the probability that A-Z were used in
> the rockyou which isn't a lot.. so you are going to have to wait until
> the first 35 characters are run or so before you start seeing a lot of
> caps being checked . I have tried the following to various effects:
>
> 1) Build a filter and run rockyou.txt through it and then grep for
> output which matches what I want. [EG if every password starts with a
> capital.. grep '^[A-Z].*$' and then use that output to create a
> trained file. This increases the chance of caps showing up in the
> first letter before others.. but it is not going to stop showing up
> test candidates like abcdefdg.
>
> 2) Run a long filter chain.. john --session=A --stdout --inc:alnum |
> python filter.py | john --session=B --stdin --format=blah pwd.foo
>
> > It's been discussed previously, but would it be possible to
> > "artificially" pad the pot file with at least one uppercase character
> > in each line so that incremental would be more likely to include an
> > uppercase in each try? Or should I use my all lower alpha_num to
> > stdout and use a mangling rule (NT) to make that happen. I'm sure I
> > could use all.chr and specify the external filter, but that seems like
> > it'd be slower than incremental "trained" to use at least 1 upper and
> > 1 special or what have you.
> > -rich
>
Sorry to dredge this one back up, but the more recent thread about the new
charset lengths (super excited about that), and I think it applies to this
previous thread more than the new one. All.chr is 96 characters, but alnum
is 36, as far as I can tell it never tries any capitals at all:
c:\JohnTheRipper\run>john-any.exe -i=alnum c:\temp\alnum-test.txt
Loaded 3 password hashes with no different salts (NT MD4 [32/32])
guesses: 0  time: 0:00:00:08 DONE (Thu Apr 25 21:25:48 2013)  c/s: 21453K
trying: x9wql - x9wvx
(maxlen=5, charcount=36)
---
c:\cygwin\JohnTheRipper\run>john-any.exe -i=all5 C:\temp\alnum-test.txt
Loaded 3 password hashes with no different salts (NT MD4 [32/32])
BbB              (bbb)
AaA              (aaa)
aaB              (aab)
guesses: 3  time: 0:00:00:05 DONE (Thu Apr 25 21:29:49 2013)  c/s: 5426K
trying: asM - jfM

I find alnum.chr a very useful character set even if it's all lower, but I
might find it more useful if it were 62 characters. While RockYou is an
outstanding file to train the charsets on, I am often re-training mine of
the passwords I'm finding, and more and more they are containing Alpha with
CaMElcAse. I have been able to compensate using stdout/pipe+nt, the changes
I made to the filter were correct, I'm going to try to test that again now.
-rich
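
Added example, not part of the original thread and not John the Ripper's own code: a Python model of the filter condition discussed above (a-z 0-9 versus a-z 0-9 A-Z) and a stand-in for the filter.py stage of the pipeline in the quoted reply. The function names and sample words are constructed for illustration, and the link between the filter and the resulting character count is stated as an assumption in the code.

```python
import string
import sys

LOWER_DIGITS = set(string.ascii_lowercase + string.digits)  # a-z 0-9 -> 36
WITH_UPPER = LOWER_DIGITS | set(string.ascii_uppercase)     # + A-Z   -> 62

# Constructed sample words, not taken from rockyou.txt
SAMPLE = ["aaa", "AaA", "BbB", "aaB", "x9wql", "pass!word", "CaMElcAse1"]


def keep(word, allowed):
    """Model of the filter test: reject a word holding any char outside `allowed`."""
    return all(c in allowed for c in word)


def trained_charset(words, allowed):
    """Distinct characters among the words that survive the filter.

    Assumption: a generated .chr file can only hold characters that
    occur in the filtered training passwords.
    """
    seen = set()
    for w in words:
        if keep(w, allowed):
            seen.update(w)
    return seen


def filter_stream(lines, allowed=WITH_UPPER):
    """Pipeline stage: pass alphanumeric candidates with at least one A-Z."""
    for line in lines:
        cand = line.rstrip("\r\n")
        if cand and keep(cand, allowed) and any(c.isupper() for c in cand):
            yield cand


if __name__ == "__main__":
    # Sits between the two john processes, reading candidates on stdin.
    for cand in filter_stream(sys.stdin):
        print(cand)
```

With the lowercase-and-digits set, every sample word containing a capital is dropped before training, so no uppercase character can reach the charset; with the 62-character set they survive.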
